Your privacy is important to us

At TELUS, we know your privacy matters to you; earning and maintaining your trust matters to us. We understand that in today's technologically complex, data-driven world, it can be difficult to stay up-to-date on how personal information is being used. An important part of our commitment to respecting your privacy is our promise to be transparent with you about our privacy practices and to clearly explain how we protect your privacy. Below you will find information guides to help you understand TELUS' privacy practices.

We suggest that you start with our Privacy Commitment, which provides a summary of our customer privacy practices.

At TELUS, we respect our customers' privacy and take great care to safeguard personal information. As part of our ongoing commitment to putting customers first, we have a long-standing policy of protecting privacy in all of our business operations. 1 We believe that an important part of protecting privacy is to be clear about how we handle customers' personal information, and to make information about our approach easily accessible. While the TELUS Privacy Code sets out the general principles that govern the collection, use and disclosure of our customers' personal information2, we have also developed this Privacy Commitment to provide you with more specific details about our privacy practices.3

We have learned from our customers that sometimes you just want the big picture, while other times you may want more details or examples of how a policy or process works. For this reason, we have structured this Privacy Commitment in layers. Importantly, both our Privacy Code and Privacy Commitment reflect the requirements of Canada's applicable privacy legislation, including the Personal Information Protection and Electronic Documents Act, applicable Canadian Radio-Television and Telecommunications Commission (CRTC) privacy regulations, and our own continuing commitment to customer privacy. The bottom line is that we want you to understand the purposes for which we collect, use and disclose personal information about our customers. The following is a summary of our privacy practices.

Exception: This Commitment does not apply to personal information provided by or about customers who are consumers of TELUS Health consumer products and services. Our commitments governing the collection, use and disclosure of such individuals’ personal information are included in the TELUS Health Privacy Commitment.

1 In this Privacy Commitment, the words "we", "us", "our" or "TELUS" refer to TELUS Communications Inc. and its subsidiary companies, as they may exist from time to time, including those subsidiaries or divisions that carry on business under the names TELUS, TELUS Communications, TELUS Mobility, TELUS Québec, TELUS Retail Ltd., Koodo, Public Mobile and PC Mobile, but not including TELUS Health, TELUS Sourcing Solutions Inc. or TELUS Health and Payment Solutions or TELUS International (Cda) Inc.. The words "we" and "TELUS" do not include independent dealers and distributors of TELUS products and services.

2 The TELUS Privacy Code and this Commitment do not limit the collection, use or disclosure by TELUS of information that is publicly available. This includes: (a) a customer's name, address, telephone number, and email address, when listed in a directory or available through directory assistance; and (b) other information about the customer that is publicly available and is specified by regulation pursuant to the Personal Information Protection and Electronic Documents Act or other applicable legislation. The TELUS Privacy Commitment and Code do not apply to information regarding TELUS corporate customers. However, such information is protected by other TELUS policies and practices and through contractual arrangements. The TELUS Privacy Code and the privacy practices described in this Commitment are subject to the provisions of all applicable legislation and regulations.

3 The definitions set out in the TELUS Privacy Code apply to this Commitment.

If you are a TELUS customer, TELUS collects certain information about you. We respect your privacy, which is why we collect personal information only for the following purposes:

Here are some examples of what we mean by this:

When you apply for a service, we generally set up an account and collect information such as name, address, date of birth, preferred language, TELUS account number(s), any other authorized users, unique account security PIN(s) and email address.

In order to confirm your identity and/or conduct a credit check, we may also ask for acceptable identification or identifying information.

We also collect and use some personal information to confirm your identity when you contact us. For example, when you call us, we will ask to confirm some personal information to verify it's actually you and not someone trying to access your account without authorization.

For billing purposes, we collect records of the services you use, such as telephone numbers, times, dates, and durations of incoming and outgoing cellular calls, and billable home phone calls and movies. We also collect payment information to set up pre-authorized payments if you choose to do so.

To assist you in understanding your bill, we also collect information about how the services or apps used on any of the devices on your account contribute to data usage.

If you use any of our home services, we collect your address and other relevant information in order to provide those services to your home.

Here are some examples of what we mean by this:

We maintain a record of the products and services you receive from us, and we may collect additional information about the usage levels and patterns associated with those products and services.

Some of the data we collect or use for this purpose includes your wireless device information, such as telephone number, SIM card number, operating system, network type, manufacturer, model and make, and IMEI serial number.

We may also collect additional information so that we can better meet your needs and preferences, including details of the products and services you receive from us, such as your wireless device rate plan, Optik TV channel subscriptions, or high-speed Internet rate plan.

We may collect or infer information about you or your preferences for particular products, services or lifestyle activities from information you provide us about yourself when you tell us your preferences, or when your usage activities indicate what your preferences are.

We have an automated system that analyzes your Optik TV viewing preferences in order to suggest shows or channels you may be interested in; for example, you may see on-screen suggestions in our Optik On Demand service, or may receive them directly from a customer service representative.

Here are some examples of what we mean by this:

From time to time, we may review and analyze your use of our products and services to help us provide better product recommendations and special offers that we think will interest you.

We may examine your wireless calling patterns in order to recommend a new monthly plan that saves you money.

We may analyze your use of our products and services to better understand your preferences, and to help us develop or enhance our products and services. This may include analysis of location data to provide relevant, new or enhanced products and services. For example, if you are roaming outside of the TELUS network with your wireless device, we may offer you a roaming package.

We may note that you have phone and Internet, and offer you a discount if you bundle with TV and/or wireless service.

We might recommend a new service or TELUS app that we think you'll enjoy based on your existing services with us or the apps you use.

We note that our customers who do not wish to receive these types of recommendations or offers may choose to be removed from our marketing lists at any time.

Here are some examples of what we mean by this:

We may collect personal information to help us manage our day-to-day operations efficiently, and to manage our infrastructure, including securing it and planning for future growth.

We analyze how many customers use our wireless sites at what times of the day to help us plan new infrastructure. We also look at records associated with text and multimedia messages - which includes the date and time of sent and received messages, but not the content itself, as well as the associated phone numbers and cell towers.

We similarly analyze records associated with calls made on our cellular network, including location data (i.e., locations of the cell towers that handled the communications). This also helps us plan for future infrastructure investment.

We may look at usage data on our high-speed Internet network to help us improve reliability and stability. We collect and use IP addresses and port numbers that our customers are assigned, have connected to, or attempted to connect to. This allows us to continue offering Internet connectivity.

We may use video surveillance to monitor and/or record the activity that occurs around TELUS stores, premises or infrastructure, including wireless sites. We may also use unmanned air vehicles (drones) to inspect our remote wireless or network sites (i.e., cell towers). This information is used to maintain our networks, or for security and investigation purposes to protect us from theft, vandalism or damage to our property.

We monitor activity on our networks to detect and prevent fraud to protect both our customers and our business.

We record interactions, such as telephone calls or chats, to or from TELUS service representatives for quality assurance and training purposes; our systems may also conduct real-time analytics on such interactions to identify trends and patterns to help us serve you better.

We collect information about visits to our websites (such as telus.com) to optimize our TELUS web properties, and for security purposes.

Here are some examples of what we mean by this:

We may collect or preserve information in response to a court order, which may include collecting your wireless device location for specific purposes.

For example, when you dial 911 and we provide GPS and triangulation data to the 911 operations centre.

There is certain information that we are required to collect, use and disclose as a regulated telecommunications company. For example, if a customer dials 911, we provide the customer's name, telephone number, and location information to the emergency agency. Another example would be to satisfy a request for information from the Canadian Radio-Television and Telecommunications Commission (CRTC) about a customer complaint and how it was resolved.

We need to collect certain information to comply with statutory obligations, including our tax reporting obligations.

We take great care with what information we share, and why. There are circumstances where we share some personal information about our customers:

Here are examples of what we mean by this. We may share personal information with:

a person seeking information as an agent of a customer, such as a customer's legal representative, or as an authorized user under his or her account, if we are satisfied that the person is authorized to receive the information;

other TELUS business units to help us serve our customers better and to provide them with services from different parts of our company;

another telecommunications company for the efficient and cost-effective provision of telecommunications services, such as the information required to facilitate the porting of services between carriers; for example, this type of sharing may take place when you are roaming outside TELUS networks;

a company involved in supplying a customer with telecommunications or directory related services; for example, Yellow or White Page listings, when your residential telephone number is published in the directory.

We may share information with our suppliers, agents or other organizations or individuals contracted to TELUS to perform services or functions on our behalf where they require the information to assist us in serving you. We strive to minimize the amount of personal information that we share with our service providers and partners; we share the information reasonably necessary to achieve the stated purpose, and require that it only be used to achieve that stated purpose.

Examples of what we mean by service providers or partners include organizations that:

Conduct research on our behalf, such as customer satisfaction surveys;

for the purposes of monthly reporting on the status of your payment history with TELUS

We may also share your personal information with collection agencies to collect an account if your account has been referred for collection.

We may share information with a public authority or agent of a public authority if, in the reasonable judgment of TELUS, it appears that there is imminent danger to the life, health or security of an individual which could be avoided or minimized by disclosure of the information.

We share customer personal information with law enforcement or other government agencies if we are required to do so to meet legal and regulatory requirements; for example, if TELUS is required to provide records to law enforcement in response to a valid court order.

Personal information collected by TELUS may be stored and processed in Canada or another country. In either case, the information is protected with appropriate security safeguards, but may be available to foreign government agencies under applicable law. When we do transfer data outside the country, we strive to minimize the amount of personal information that we transfer, using de-identification or other means where appropriate.

You should also note that while roaming outside of Canada, the storage, treatment and transfer of your personal information and data may be subject to laws or regulations different from those in Canada.

TELUS has appointed a Chief Data & Trust Officer to oversee the TELUS Data & Trust Office. The Office is responsible for maintaining an accountable privacy management program specifically designed to protect your privacy, and for setting policies and procedures to earn and maintain your trust in our data handling practices.

We have embraced the seven foundational principles of Privacy by Design, striving to embed these privacy enhancing principles into all of our product and service development processes.

TELUS maintains a robust information security governance program to protect your personal information with appropriate security safeguards. Our safeguards include administrative, physical and technical security controls. We protect the privacy of your personal information through contractual and other means when we are working with other companies.

We may de-identify personal information for a variety of reasons, including to safeguard it, or where de-identified information will serve the purposes for retaining the information. For example, we may de-identify certain network usage or location data for long term planning where individual customers' personal information is not required. We may also de-identify information prior to conducting analytics that don't require personal information.

We strive to keep your personal information as accurate and up-to-date as is reasonably necessary for the purposes we identify.

We respond in a timely manner to your requests for access to your personal information.

We take privacy and security training and awareness seriously, and we use a variety of different methods to assist our TELUS team members in respecting and protecting your privacy.

Unless you provide your express consent, TELUS does not disclose your personal information to marketers of third-party products to enable targeted advertising, or for any other purpose.

We are committed to being transparent with you about how we handle your personal information, including through this policy, our Privacy Code, our privacy page at telus.com/privacy, and our annual Transparency reporting.

We use cookies, in a limited manner and for purposes consistent with this Commitment. For more information, please refer to our Cookies Notice.

Privacy legislation generally sets out certain circumstances under which organizations may collect, use or disclose personal information without consent. Examples include emergency circumstances or the investigation of a contravention of laws. Other than under such specified circumstances, TELUS will not collect, use or disclose your personal information for any purpose other than those identified in this Commitment, our Privacy Code, your Customer Service Agreement, or our Service Terms, except with your consent.

TELUS will continue to review this Commitment to ensure it is relevant, remains current with changing technologies and laws, and continues to meet your evolving needs.

We rely on your consent to continue to collect, use and disclose your personal information for the purposes we have identified to you. However, we want you to know that you do have choices and can refuse or withdraw your consent as follows:

You may have your name removed from one or more of our marketing lists, such as our telephone, mail or email marketing lists. We use these lists to inform you of relevant products, services and special offers that may be of benefit to you.

Our directory publisher (i.e. Yellow Pages Group) makes available lists of published names, addresses and phone numbers to selected organizations for a fee. You may choose to be excluded from these lists (non-published names, addresses and phone numbers are automatically excluded).

You may refuse to provide personal information to us. You may also withdraw your consent at any time, subject to legal or contractual restrictions and reasonable notice. However, in either case, this may limit our ability to serve you and may force us to cancel some or all of the services you receive from us.

For further information about the above options, please contact us at 1-800-567-0000.

Our mobility subscribers may also opt-out of including location information in de-identified form where the information or insights are intended to be disclosed to third parties to assist in research, planning, or product and service development, except where such sharing is required by law. For more information about this visit: telus.com/privacy and click on Data Analytics at TELUS.

Unless you tell us otherwise, we will assume that we have your consent to continue to collect, use and disclose your personal information for the purposes we have identified to you.

We want you to be comfortable with how we protect your privacy. If you have questions that are not addressed in this Commitment or our Privacy Code, please refer to our Frequently Asked Questions; you can also call us at 1-800-567-0000 or email privacy@telus.com.

Effective May 1, 2017

Our Privacy Code is a lengthier document which details our privacy practices for the protection of the personal information of both TELUS customers and TELUS team members.

At TELUS, we have a long-standing policy of protecting the privacy of customers and team members in all of our business operations. The TELUS Privacy Code is a formal statement of the principles and guidelines that govern how TELUS protects personal information of its customers (subject to the exclusions noted here and below under scope) and team members. It is based on and incorporates the ten principles1 that form the basis of all applicable privacy legislation in Canada, including Part 1 of the Personal Information Protection and Electronic Documents Act (Statutes of Canada 2000).

The TELUS Privacy Code was originally published in 1998: we regularly review it to ensure that it reflects legislative and technological changes and that it continues to reflect our practices and commitments.

Changes to this Privacy Code were last made in December, 2017.

1 We refer to the ten principles of the Canadian Standards Association (CSA) Model Code for the Protection of Personal Information (CAN/CSA-Q830-96). These principles were published in March 1996 as a National Standard of Canada.

The ten principles, which form the basis of the TELUS Privacy Code, are interrelated and TELUS shall adhere to the ten principles as a whole. Each principle must be read in conjunction with the accompanying commentary. The commentary in the TELUS Privacy Code has been tailored to reflect personal information matters specific to TELUS.

The scope and application of the TELUS Privacy Code are as follows:

The Code applies to personal information collected, used, or disclosed by TELUS, including personal information of TELUS' customers and team members.

The Code applies to the management of personal information in any form whether oral, electronic or written.

The Code does not apply to personal information created or collected on behalf of or collected from TELUS’ (including TELUS Health’s) corporate/business customers; however, such information is protected by other TELUS policies and practices and through contractual arrangements.

The application of the TELUS Privacy Code is subject to the requirements and provisions of Part 1 of the Personal Information Protection and Electronic Documents Act and the regulations thereunder, provincial privacy legislation (where applicable), and any applicable regulations of the Canadian Radio-television and Telecommunications Commission.

Customer - An individual who uses, or applies to use, TELUS' products or services.

Team member - An employee of TELUS.

Personal information - Any information about an identifiable individual, other than the name, title or business address (including business email address) or business telephone or fax numbers of an employee of an organization.

Personal information does not include de-identified or aggregated information that cannot reasonably be associated with a specific individual.

Information about customers who are sole proprietors or partners is considered to be "personal information" if it is information about the individuals themselves, as distinct from information about their businesses. The latter is protected by other TELUS policies and practices and through contractual business arrangements.

TELUS - TELUS Communications Inc. and its subsidiary companies, as they may exist from time to time. These include, without limitation, the subsidiaries or divisions which carry on business under the following names: TELUS, TELUS Communications, TELUS Mobility, TELUS Québec, TELUS Retail Ltd., Koodo, Public Mobile, PC Mobile, TELUS Health, TELUS Health and Payment Solutions, and TELUS Sourcing Solutions Inc.. "TELUS" does not include independent dealers and distributors of TELUS products and services.

TELUS is responsible for personal information under its control and shall designate one or more persons who are accountable for TELUS' compliance with the following principles.

1.1 Responsibility for ensuring compliance with the provisions of the TELUS Privacy Code rests with the senior management of TELUS, which shall designate one or more persons to be accountable for compliance with the Code. Other individuals within TELUS may be delegated to act on behalf of the designated person(s) or to take responsibility for the day-to-day collection and processing of personal information.

1.2 TELUS shall make known, upon request, the identity of the person or persons designated to oversee TELUS' compliance with the TELUS Privacy Code.

1.3 TELUS is responsible for personal information in its possession or control. TELUS shall use appropriate means to provide a comparable level of protection while information is being processed by a third party (see Principle 7).

Implementing procedures to protect personal information and to oversee TELUS' compliance with the TELUS Privacy Code;

Establishing procedures to receive and respond to inquiries or complaints;

Training and communicating to team members about TELUS' policies and practices;

Developing public information to explain TELUS' policies and practices.

TELUS shall identify the purposes for which personal information is collected at or before the time the information is collected.

2.1 TELUS collects personal information of customers and team members only for the following purposes:

To establish and maintain a responsible commercial relationship with our customers and to provide ongoing service;

To understand customer needs and preferences;

To develop, enhance, market or provide products and services to our customers;

To manage and develop TELUS' business and operations, including personnel and employment matters;

To meet legal and regulatory requirements.

Further references to "identified purposes" mean the purposes identified in this Principle.

2.2 TELUS shall outline the purposes for which it collects personal information of team members in the Team Member Privacy Commitment.

2.3 TELUS shall specify the identified purpose or purposes to the customer or team member at or before the time personal information is collected. Upon request, persons collecting personal information shall explain these identified purposes or refer the individual to a designated person within TELUS who shall explain the purposes.

2.4 Unless required by law or for exceptions set out in applicable legislation, TELUS shall not use or disclose for any new (not previously-identified) purpose personal information that has been collected without first identifying the new purpose and obtaining appropriate consent of the customer or team member.

2.5 We may record interactions, such as telephone calls or chats, to or from TELUS service representatives for quality assurance and training purposes; our systems may also conduct real-time analytics on such interactions to identify trends and patterns to help us serve you better.

The knowledge and consent of a customer or team member are required for the collection, use, or disclosure of personal information, except where not required by applicable privacy legislation. In certain circumstances personal information can be collected, used, or disclosed without the knowledge and consent of the individual.

For example, TELUS may collect personal information without knowledge or consent if it is clearly in the interests of the individual and consent cannot be obtained in a timely way, such as when the individual is seriously ill or mentally incapacitated.

TELUS may also collect, use or disclose personal information without knowledge or consent if, for example, seeking consent would compromise the availability or accuracy of the information in the context of an investigation, collection and use of the information is reasonable and useful in the investigation of a contravention of a federal or provincial law, or disclosure is required for investigating a breach of an agreement or for the purposes of detecting, suppressing or preventing fraud.

TELUS may also use or disclose personal information without knowledge or consent in the case of an emergency where the life, health or security of an individual is threatened.

TELUS may also disclose personal information without knowledge or consent to a lawyer representing TELUS, to collect a debt, to comply with a subpoena, warrant or other court order, or as may be otherwise required or permitted by law.

The Code does not require consent for the collection, use or disclosure of information about a customer or team member that is publicly available and is specified by regulation pursuant to the Personal Information Protection and Electronic Documents Act or provincial privacy legislation, where applicable.

3.1 In obtaining consent, TELUS shall use reasonable efforts to ensure that a customer or team member is advised of the identified purposes for which personal information will be used or disclosed. Purposes shall be stated so that it is reasonable to expect that the customer or team member would understand the nature, purpose and consequences of granting consent.

3.2 Generally, TELUS shall seek consent to use and disclose personal information at the same time it collects the information. However, TELUS may seek consent to use and disclose personal information after it has been collected, but before it is used or disclosed for a new purpose.

3.3 TELUS will require customers to consent to the collection, use or disclosure of personal information as a condition of the supply of a product or service if such collection, use or disclosure is required to fulfill the identified purposes.

3.4 In determining the appropriate form of consent, TELUS shall take into account the sensitivity of the personal information and the reasonable expectations of its customers and team members.

3.5 In general, the use of products and services by a customer, or the acceptance of employment or benefits by a team member, constitutes implied consent for TELUS to collect, use and disclose personal information for all identified purposes.

3.6 A customer or team member may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. Customers and team members may contact TELUS for more information regarding the implications of withdrawing consent.

TELUS shall limit the collection of personal information to that which is necessary for the purposes identified by TELUS. TELUS shall collect personal information by fair and lawful means.

4.1 TELUS collects personal information primarily from its customers or team members.

4.2 TELUS may also collect personal information from other sources including credit bureaus, employers or personal references, publicly available sources or other third parties who properly represent that they have the right to disclose the information.

TELUS shall not use or disclose personal information for purposes other than for identified purposes, except with the consent of the individual, for exceptions set out in legislation, or as required by law. TELUS shall retain personal information only as long as reasonably necessary for the fulfillment of those purposes.

5.1 Subject to applicable CRTC regulations, TELUS may share a customer's personal information, with the information to be used only for the purpose for which it was shared, to:

a person seeking information as an agent of a customer, such as a customer's legal representative or as an authorized user under his or her account, if TELUS is satisfied that the person is authorized to receive the information;

other TELUS business units to help TELUS serve its customers better and to provide them with services from different parts of the company;

another telecommunications company for the efficient and cost-effective provision of telecommunications services;

a company involved in supplying a customer with telecommunications or directory-related services;

our suppliers, agents or other organizations or individuals contracted to TELUS to perform services or functions on our behalf where they require the information to assist us in serving you;

a credit bureau to evaluate a customer's creditworthiness for monthly reporting purposes on the status of your payment history with TELUS;

with collection agencies to collect an account if your account has been referred for collection;

a public authority or agent of a public authority if, in the reasonable judgment of TELUS, it appears that there is imminent danger to life, health or security of an individual which could be avoided or minimized by disclosure of the information;

third parties in connection with the sale or outsourcing of parts of TELUS' business, the sale or securitization of assets, or the merger or amalgamation of part or all of TELUS' business with other entities. Since customer and account information and team member information will normally be a part of such transactions, TELUS may use or disclose such information to other parties included in the transaction, as part of due diligence and/or on completion of the transaction; or

a government agency or other third party, if required to meet legal and regulatory requirements. If a customer dials 911, for example, TELUS will provide the customer's name, telephone number and location information to the emergency agency.

5.2 TELUS may disclose personal information about its team members:

For standard personnel and benefits administration;

In the context of providing references regarding current or former team members in response to requests from prospective employers;

Where the team member consents to such disclosure or disclosure is required by law or for exceptions specified under the applicable legislation.

5.3 Only TELUS' team members with a business need to know, or whose duties reasonably so require, are granted access to personal information about customers and team members.

5.4 TELUS shall keep personal information for as long as it remains reasonably necessary or relevant for the identified purposes or as required by law. Depending on the circumstances, where personal information has been used to make a decision about a customer or team member, TELUS shall retain, for a period of time that is reasonably sufficient to allow for access by the customer or team member, either the actual information or the rationale for making the decision.

5.5 TELUS shall maintain reasonable and systematic controls, schedules and practices for information and records retention and destruction which apply to personal information that is no longer reasonably necessary or relevant for the identified purposes or required by law to be retained. Such information shall be destroyed, erased or made anonymous.

Personal information shall be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.

6.1 Personal information used by TELUS shall be sufficiently accurate, complete, and up-to-date to minimize the possibility that inappropriate information may be used to make a decision about a customer or team member.

6.2 TELUS shall update personal information about customers and team members as and when reasonably necessary to fulfill the identified purposes or upon notification by the individual.

TELUS shall protect personal information by security safeguards appropriate to the sensitivity of the information.

7.2 TELUS shall protect personal information shared with third parties by a variety of means, including by contractual agreements stipulating the confidentiality and security of the information and the purposes for which it is to be used.

7.3 All of TELUS' team members with access to personal information shall be required to appropriately respect the confidentiality of that information.

7.4 TELUS may store and process personal information in Canada or another country. In either case, the personal information is protected with appropriate security safeguards, but may be available to foreign government agencies under applicable law.

TELUS shall make readily available to customers and team members specific information about its policies and practices relating to the management of personal information.

8.1 TELUS shall make information about its policies and practices easy to understand, including:

The title and address of the person or persons accountable for TELUS' compliance with the TELUS Privacy Code and to whom inquiries or complaints can be forwarded;

The means of gaining access to one's own personal information held by TELUS;

A description of the type of personal information held by TELUS, including a general account of its use.

8.2 TELUS shall make available information to help customers and team members exercise choices regarding the use of their personal information and the privacy-enhancing services available from TELUS.

TELUS shall inform a customer or team member of the existence, use, and disclosure of his or her personal information upon request and shall give the individual access to that information. A customer or team member shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.

9.1 Upon request, TELUS shall afford customers and team members a reasonable opportunity to review the personal information TELUS holds about them. Personal information shall be made accessible to the individual in understandable form, within a reasonable time, and at minimal or no cost to the individual.

9.2 In certain situations, TELUS may not be able to provide access to all the personal information that it holds about a customer or team member. For example, TELUS may not provide access to information if doing so would likely reveal personal information about a third party or could reasonably be expected to threaten the life or security of another individual. Also, TELUS may not provide access to information if disclosure would reveal confidential commercial information, if the information is protected by solicitor – client privilege, or, in civil law, by the professional secrecy of lawyers and notaries, if the information was generated in the course of a formal dispute resolution process, or if the information was collected in relation to the investigation of a breach of an agreement or a contravention of a federal or provincial law. If access to personal information cannot be provided, TELUS shall provide the reasons for denying access upon request. In general, the exceptions above do not apply if the individual needs the information because an individual's life, health or security is threatened.

9.3 Upon request, TELUS shall provide an account of the use and disclosure of personal information and, where reasonably possible, shall state the source of the information. In providing an account of disclosure, TELUS shall provide a list of organizations to which it may have disclosed personal information about the individual when it is not possible to provide an actual list.

9.4 In order to safeguard personal information, a customer or team member may be required to provide sufficient identification information to permit TELUS to account for the existence, use and disclosure of personal information and to authorize access to the individual's personal information.

9.5 TELUS shall promptly correct or complete any personal information found to be inaccurate or incomplete. Any unresolved differences as to accuracy or completeness shall be noted in the individual's file. Where appropriate, TELUS shall transmit to third parties having access to the personal information in question any amended information or the existence of any unresolved differences.

9.6 Customers can seek access to their personal information by contacting a designated representative at TELUS.

9.7 Team members can seek access to their personal information by contacting their manager within TELUS.

A customer or team member shall be able to address a challenge concerning compliance with the above principles to the designated person or persons accountable for TELUS' compliance with the TELUS Privacy Code.

10.1 TELUS shall maintain procedures for addressing and responding to all inquiries or complaints from its customers and team members about TELUS' handling of personal information.

10.2 TELUS shall inform its customers and team members about the existence of these procedures as well as the availability of complaint procedures.

10.3 TELUS shall investigate all complaints concerning compliance with the TELUS Privacy Code. If a complaint is found to be justified, TELUS shall take appropriate measures to resolve the complaint including, if necessary, amending its policies and procedures. A customer or team member shall be informed of the outcome of the investigation regarding his or her complaint.

10.4 A customer or team member may seek advice from the Office of the Privacy Commissioner of Canada or the provincial Privacy Commissioner having jurisdiction, and, if appropriate, file a written complaint with the Commissioner's office. However, the customer or team member is encouraged to use TELUS' complaint procedures first.

Technology is evolving and so are we

Data analytics at TELUS

Data analytics is the examination or analysis of data in order to gather useful insights or draw conclusions. TELUS conducts data analytics using customer data to manage and develop our business and operations, to understand your needs and preferences, and to develop, enhance, market or provide products and services to you.

At TELUS, we believe that data can also be used to benefit society (for social good), when used responsibly. With today's technology, we have access to more data that can be de-identified (personal identifiers are removed), aggregated and then studied to help partners make better decisions than ever before – decisions that can improve our lives, our health, our cities and our society.

We recognize that new uses of data can create new privacy challenges. It's now more important than ever to protect your privacy. While we look for new ways to deliver on the promise of data analytics, we remain steadfast in our promise to protect your privacy.

Watch our video to learn more about how TELUS is exploring the big possibilities of data analytics and how we protect your privacy.

Value can be found in the overall trends and patterns drawn from mobile device location data, like pedestrian and vehicle traffic flow. For example, traffic flow information can assist governments in planning where to build new health services, how to alleviate traffic congestion or better evacuation routes in the event of a natural disaster. We believe that we can derive important insights that can benefit Canadians through the analysis of data that has been strongly de-identified before these types of analytics are even conducted. This is what we do at TELUS. By removing personal information, TELUS can help deliver the value of data analytics while still ensuring privacy for our customers.

We may provide de-identified data to third parties to assist in research, planning, or product and service development; we employ strong and effective de-identification mechanisms to ensure that our customers' personal information is not disclosed when we do so.

Let us illustrate with an example:

As technology evolves, massive amounts of data are generated every day. This is often referred to as "big data."

This data has tremendous potential to change our society for the better. Used responsibly, big data can help governments and businesses make important decisions based on facts, not assumptions.

It can be used to help plan safer and more sustainable cities, improve healthcare and boost local economies.

TELUS recognizes the potential of big data – and we want to use it to help answer big questions that will improve the lives of Canadians.

To use data in new and innovative ways, we must also find new ways of protecting and safeguarding our customers' personal information. This is why we work with prominent industry experts to lead the way when it comes to data privacy standards.

We know the potential in data is in the big insights we can derive, not in gaining access to an individual's personal information. That's why strong de-identification and aggregation are the most powerful tools for protecting privacy.

Here's what de-identification and aggregation look like

Big data starts with massive sets of information.

Before any analysis begins, all personal information is removed from the data so that it can't be linked back to an individual.

Then, the data is aggregated into large sets. Aggregation further protects privacy by using complex algorithmic models to group and summarize the data into bulk data sets.

Then, it's possible to analyze the data to find trends and draw insights, like population patterns, without compromising privacy.

TELUS can use these insights to help our partners, like municipalities, decide where to locate schools, health clinics and other public services.

By using strong de-identification techniques and aggregation, we can harness the potential of big data without sharing any personal information.

At TELUS, we know that with big data comes the big responsibility of safeguarding your privacy. It's just another way we put you first.

It's up to you

One of the choices we provide at TELUS is the opportunity for our mobility subscribers to opt-out of including their location information in de-identified form where the information or insights are intended to be disclosed to third parties to assist in research, planning, or product and service development, except where such sharing is required by law.

If you wish to opt-out, click on the button below and enter your mobile number.

Get WISE about Internet and Smartphone safety and security

TELUS WISE (Wise Internet and Smartphone Education) is an industry-leading educational program on Internet and Smartphone safety that builds on TELUS' track record of partnering with the Canadian Centre for Child Protection to offer similar educational information to Canadians. TELUS is introducing this program to our business customers for the benefit of their employees and their families.

Transparency disclosure

In 2016, there was continued global discussion about disclosures of personal information to government organizations for law enforcement purposes. Accurate information about the nature and volume of personal information requests by law enforcement to private companies helps inform this ongoing discussion, and will shape our country’s privacy landscape. It is in that spirit that we provide our fourth annual transparency report, which provides insight into our approach responding to requests as well as the volume and types of requests we receive. We are proud of our record of openly sharing with our customers the details about how we respectfully handle and secure their data.